4. So Bacon has feathers now? Contributing to Open Source Open Specification Promise Apache Software Foundation
5. IIS Request Processing Server functionality is split into ~ 40 modules... Modules plug into a generic request pipeline… Modules extend server functionality through a public module API. Authorization ResolveCache UpdateCache … … … Monolithic implementation Install all or nothing … Extend server functionality only through ISAPI … Send Response Log Compress NTLM Basic Determine Handler CGI Static File ISAPI Authentication Anon SendResponse Authentication ExecuteHandler ASP.NET PHP
6. IIS 6.0 ASP.NET Processing Runtime limitations Only sees ASP.NET requests Feature duplication … … … … aspnet_isapi.dll Send Response Log Compress NTLM Basic Determine Handler CGI Static File ISAPI Authentication Anon Authentication Forms Windows Map Handler ASPX Trace …
7.
8.
9.
10. New Configuration NET global settings .NET Framework Global web.config machine.config IIS 7 applicationHost.config Site Root web.config <system.web> .NET settings .. <system.webServer> IIS 7 Delegated settings ASP.NET global settings Global settings and location tags
17. FastCGI Handler Architecture IIS Worker Process Request queue FastCGI process pool for PHP5 php-cgi.exe FastCGI process pool for PHP4 php.exe FastCGI protocol over named pipes or TCP
28. SID Injection AppPool: newPool username: newPoolUser password: <password> LogonUser AccessCheck AccessCheck Service Host (SVCHost.EXE) Windows Process Activation Service (WAS) World Wide Web Service (W3SVC) applicationhost.config Token Token NewPoolWwwrootdefault.htm ACL OK OtherpoolWwwrootdefault.htm ACL Denied